29May
How can you exploit a website that resolves to localhost?
Let's say you're on a pentest (or bug bounty hunting) and you meet a domain that resolves to 127.0.0.1, How can you exploit that? is that even considered a misconfiguration ? sometimes i see domains named like 127-0-0-1.domain.com and it resolves to localhost, why do the developers even need such a thing ?
